A Survey of Security Challenges and Solutions for UAS Traffic Management (UTM) and small Unmanned Aerial Systems (sUAS)

• URL: http://arxiv.org/abs/2601.08229v1
• Date: Tue, 13 Jan 2026 05:18:49 GMT
• Title: A Survey of Security Challenges and Solutions for UAS Traffic Management (UTM) and small Unmanned Aerial Systems (sUAS)
• Authors: Iman Sharifi, Mahyar Ghazanfari, Abenezer Taye, Peng Wei, Maheed H. Ahmed, Hyeong Tae Kim, Mahsa Ghasemi, Vijay Gupta, Noah Dahle, Robert Canady, Abel Diaz Gonzalez, Austin Coursey, Bryce Bjorkman, Cailani Lemieux-Mack, Bryan C. Ward, Xenofon Koutsoukos, Gautam Biswas, Heber Herencia-Zapana, Saqib Hasan, Isaac Amundson, Filippos Fotiadis, Ufuk Topcu, Junchi Lu, Qi Alfred Chen, Nischal Aryal, Amer Ibrahim, Abdul Karim Ras, Amir Shirkhodaie,
• Abstract summary: Small Unmanned Aerial Systems (sUAS) for civil and commercial missions are vulnerable to cyber-security threats.<n>This paper presents a comprehensive survey of cyber-security vulnerabilities and defenses tailored to the sUAS and UTM ecosystem.
• Score: 25.67972631925627
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: The rapid growth of small Unmanned Aerial Systems (sUAS) for civil and commercial missions has intensified concerns about their resilience to cyber-security threats. Operating within the emerging UAS Traffic Management (UTM) framework, these lightweight and highly networked platforms depend on secure communication, navigation, and surveillance (CNS) subsystems that are vulnerable to spoofing, jamming, hijacking, and data manipulation. While prior reviews of UAS security addressed these challenges at a conceptual level, a detailed, system-oriented analysis for resource-constrained sUAS remains lacking. This paper presents a comprehensive survey of cyber-security vulnerabilities and defenses tailored to the sUAS and UTM ecosystem. We organize existing research across the full cyber-physical stack, encompassing CNS, data links, sensing and perception, UTM cloud access, and software integrity layers, and classify attack vectors according to their technical targets and operational impacts. Correspondingly, we review defense mechanisms ranging from classical encryption and authentication to adaptive intrusion detection, lightweight cryptography, and secure firmware management. By mapping threats to mitigation strategies and evaluating their scalability and practical effectiveness, this work establishes a unified taxonomy and identifies open challenges for achieving safe, secure, and scalable sUAS operations within future UTM environments.

Related papers

• From Secure Agentic AI to Secure Agentic Web: Challenges, Threats, and Future Directions [20.73038673205127]
  We provide a transition-oriented view from Secure Agentic AI to a Secure Agentic Web.<n>We first summarize a component-aligned threat taxonomy covering prompt abuse, environment injection, memory attacks, toolchain abuse, model tampering, and agent network attacks.<n>We then review defense strategies, including prompt hardening, safety-aware decoding, privilege control for tools and APIs, runtime monitoring, continuous red-teaming, and protocol-level security mechanisms.
  arXiv  Detail & Related papers  (2026-03-02T07:44:18Z)
• Secure Semantic Communications via AI Defenses: Fundamentals, Solutions, and Future Directions [44.71660423560587]
  This survey provides a defense-centered and system-oriented synthesis of security in SemCom via AI defense.<n>We present a structured taxonomy of defense strategies organized by where semantic integrity can be compromised in SemCom systems.<n>We also examine security utility operating envelopes that capture tradeoffs among semantic fidelity, robustness, latency, and energy.
  arXiv  Detail & Related papers  (2026-02-25T17:28:07Z)
• ORCA -- An Automated Threat Analysis Pipeline for O-RAN Continuous Development [57.61878484176942]
  Open-Radio Access Network (O-RAN) integrates numerous software components in a cloud-like deployment, opening the radio access network to previously unconsidered security threats.<n>Current vulnerability assessment practices often rely on manual, labor-intensive, and subjective investigations, leading to inconsistencies in the threat analysis.<n>We propose an automated pipeline that leverages Natural Language Processing (NLP) to minimize human intervention and associated biases.
  arXiv  Detail & Related papers  (2026-01-20T07:31:59Z)
• Cybersecurity of High-Altitude Platform Stations: Threat Taxonomy, Attacks and Defenses with Standards Mapping - DDoS Attack Use Case [46.15641504748965]
  High-Altitude Platform Stations (HAPS) are emerging stratospheric nodes within non-terrestrial networks.<n>We provide a structured overview of HAPS subsystems and principal communication links, map cybersecurity and privacy exposure across communication, control, and power subsystems, and propose a stratosphere-aware threat taxonomy.<n>We report a simulation-based case study using OMNeT++/INET to characterize distributed-denial-of-service (DDoS) impact on service and control-plane availability.
  arXiv  Detail & Related papers  (2025-11-16T20:28:58Z)
• OS-Sentinel: Towards Safety-Enhanced Mobile GUI Agents via Hybrid Validation in Realistic Workflows [77.95511352806261]
  Computer-using agents powered by Vision-Language Models (VLMs) have demonstrated human-like capabilities in operating digital environments like mobile platforms.<n>We propose OS-Sentinel, a novel hybrid safety detection framework that combines a Formal Verifier for detecting explicit system-level violations with a Contextual Judge for assessing contextual risks and agent actions.
  arXiv  Detail & Related papers  (2025-10-28T13:22:39Z)
• End-to-End Co-Simulation Testbed for Cybersecurity Research and Development in Intelligent Transportation Systems [5.804791448287085]
  This chapter discusses an integrated co-simulation testbed that links CARLA for 3D environment and sensor modeling, SUMO for microscopic traffic simulation and control, and OMNeT++ for V2X communication simulation.<n>The co-simulation testbed enables end-to-end experimentation, vulnerability identification, and mitigation benchmarking.<n>To illustrate its capabilities, the chapter incorporates a case study on a C-V2X proactive safety alert system enhanced with post-quantum cryptography.
  arXiv  Detail & Related papers  (2025-09-20T01:21:54Z)
• Generative AI-Empowered Secure Communications in Space-Air-Ground Integrated Networks: A Survey and Tutorial [107.26005706569498]
  Space-air-ground integrated networks (SAGINs) face unprecedented security challenges due to their inherent characteristics.<n>Generative AI (GAI) is a transformative approach that can safeguard SAGIN security by synthesizing data, understanding semantics, and making autonomous decisions.
  arXiv  Detail & Related papers  (2025-08-04T01:42:57Z)
• Expert-in-the-Loop Systems with Cross-Domain and In-Domain Few-Shot Learning for Software Vulnerability Detection [38.083049237330826]
  This study explores the use of Large Language Models (LLMs) in software vulnerability assessment by simulating the identification of Python code with known Common Weaknessions (CWEs)<n>Our results indicate that while zero-shot prompting performs poorly, few-shot prompting significantly enhances classification performance.<n> challenges such as model reliability, interpretability, and adversarial robustness remain critical areas for future research.
  arXiv  Detail & Related papers  (2025-06-11T18:43:51Z)
• A Systematic Review of Security Vulnerabilities in Smart Home Devices and Mitigation Techniques [0.0]
  The study explores security threats in smart homes ecosystems, categorizing them into vulnerabilities at the network layer, device level, and those from cloud-based and AI-driven systems.<n>Research findings indicate that post-quantum encryption, coupled with AI-driven anomaly detection, is highly effective in enhancing security.
  arXiv  Detail & Related papers  (2025-04-03T00:03:53Z)
• Cyber Defense Reinvented: Large Language Models as Threat Intelligence Copilots [36.809323735351825]
  CYLENS is a cyber threat intelligence copilot powered by large language models (LLMs)<n>CYLENS is designed to assist security professionals throughout the entire threat management lifecycle.<n>It supports threat attribution, contextualization, detection, correlation, prioritization, and remediation.
  arXiv  Detail & Related papers  (2025-02-28T07:16:09Z)
• Physical and Software Based Fault Injection Attacks Against TEEs in Mobile Devices: A Systemisation of Knowledge [5.6064476854380825]
  Trusted Execution Environments (TEEs) are critical components of modern secure computing. They provide isolated zones in processors to safeguard sensitive data and execute secure operations. Despite their importance, TEEs are increasingly vulnerable to fault injection (FI) attacks.
  arXiv  Detail & Related papers  (2024-11-22T11:59:44Z)
• Countering Autonomous Cyber Threats [40.00865970939829]
  Foundation Models present dual-use concerns broadly and within the cyber domain specifically. Recent research has shown the potential for these advanced models to inform or independently execute offensive cyberspace operations. This work evaluates several state-of-the-art FMs on their ability to compromise machines in an isolated network and investigates defensive mechanisms to defeat such AI-powered attacks.
  arXiv  Detail & Related papers  (2024-10-23T22:46:44Z)
• Enhancing Enterprise Security with Zero Trust Architecture [0.0]
  Zero Trust Architecture (ZTA) represents a transformative approach to modern cybersecurity. ZTA shifts the security paradigm by assuming that no user, device, or system can be trusted by default. This paper explores the key components of ZTA, such as identity and access management (IAM), micro-segmentation, continuous monitoring, and behavioral analytics.
  arXiv  Detail & Related papers  (2024-10-23T21:53:16Z)
• Machine Learning-Assisted Intrusion Detection for Enhancing Internet of Things Security [1.2369895513397127]
  Attacks against the Internet of Things (IoT) are rising as devices, applications, and interactions become more networked and integrated. To efficiently secure IoT devices, real-time detection of intrusion systems is critical. This paper investigates the latest research on machine learning-based intrusion detection strategies for IoT security.
  arXiv  Detail & Related papers  (2024-10-01T19:24:34Z)
• The Security and Privacy of Mobile Edge Computing: An Artificial Intelligence Perspective [64.36680481458868]
  Mobile Edge Computing (MEC) is a new computing paradigm that enables cloud computing and information technology (IT) services to be delivered at the network's edge. This paper provides a survey of security and privacy in MEC from the perspective of Artificial Intelligence (AI) We focus on new security and privacy issues, as well as potential solutions from the viewpoints of AI.
  arXiv  Detail & Related papers  (2024-01-03T07:47:22Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.